Be proactive whether or not you’re a victim of this particular hack.
James Martin/CNET
T-Mobile continues to investigate a data breach from earlier this week that compromised the personal information of tens of millions people, and not just active subscribers. The data includes names, driver’s license numbers, Social Security numbers and device identification (IMEI and IMSI) numbers for subscribers, former customers, and prospective customers who may have been interested in T-Mobile service at one point. And the breach includes customers of Metro by T-Mobile too. That means almost anyone who has given their information to T-Mobile could be affected.
In a press release Friday, T-Mobile says there’s “no indication” that financial data like credit card or other payment information was compromised. The company has reset PIN numbers for all prepaid customers after the exposure of 850,000 accounts. T-Mobile is still completing its investigation and will notify people whose data was accessed. Right now, there’s no way to tell if you should take additional action.
While the situation develops, you can read our guide to check if your password is on the dark web. We’ll also keep you posted about a possible class action suit against T-Mobile. Here are some things you can do to help secure your sensitive data against any hack, regardless of whether your information has been included in any number of data breaches.
Watch this:
Americans get go-ahead for COVID boosters, T-Mobile breach…
1:30
Freeze your credit with all three bureaus
One of the first things you should do is put a freeze on your credit. Doing so will prevent anyone with your information from opening a line of credit, or taking out any loans under your name. Freezing your credit won’t take long: You’ll just need to fill out a form with Equifax, Experian and Transunion (one from each company) to make the request.
The downside to freezing your credit is that when you want to make certain purchases, such as upgrading your iPhone, you’ll need to go through the process of briefly removing your credit freeze — and then refreezing once you’re done.
Yes, it’s inconvenient. But the extra time you take to freeze, unfreeze and then refreeze your credit is worth it and pales in comparison to the time you’d spend trying to reverse the damage done by someone opening a credit card or line of credit in your name.
Lock down everything you can as soon as you can.
Angela Lang/CNET
Use monitoring services to keep an eye on your credit
Staying on top of what’s on your credit report is an easy way to make sure someone isn’t using your information nefariously. Some companies offer free credit monitoring to victims of a data breach, but oftentimes that’s only temporary. For example, T-Mobile is offering two years of McAfee’s ID Theft Protection Service for free to those affected by the latest breach. Take advantage of offers like this if your data is included in a breach, but once the limited-time offer expires, be ready to sign up for another service.
There are several credit monitoring services that help you watch your credit report and using one could mean you will receive an alert and hopefully catch false accounts as soon as they happen.
Sign up for identity-theft monitoring
Monitoring your credit report is an important step to take; however, there’s so much more that can be done with your personal information. In addition to keeping an eye on your Social Security number and credit, an identity-monitoring service will monitor the dark web for anyone selling or trading your personal information or arrests under your name. It should give you peace of mind if someone tries to do anything with your personal information.
1Password is one of many password managers that keep your information secure.
1Password
Use a password manager to create and store logins
Using a unique and strong password for every online account you own is an easy way to make sure a breach of one service doesn’t lead to bad guys accessing more of your online accounts where you used the same password.
Instead of reusing a password — or a series of passwords — rely on a password manager to create, store and autofill your login information.
Don’t wait to protect your personal data
The most important aspect of taking action after a hack or breach is announced is to not wait for the affected companies to announce how they want you to handle it. Be proactive. At the end of the day, it’s your information and your financial future that’s at stake.
After locking down your credit and starting monitoring services, begin to look at suggestions from the affected companies.
Some breaches lead to settlements, forcing the company to offer free services or settlements, as in the 2017 Equifax case.